US8578176B2ActiveUtilityA1

Method and apparatus for tokenization of sensitive sets of characters

98
Assignee: MATTSSON ULFPriority: Mar 26, 2008Filed: Mar 26, 2008Granted: Nov 5, 2013
Est. expiryMar 26, 2028(~1.7 yrs left)· nominal 20-yr term from priority
Inventors:Ulf Mattsson
G06F 21/6218G06Q 20/24G07F 7/084G07F 7/122G06Q 20/4016G06Q 20/341G06Q 20/40G07F 7/1008G07F 7/1016H04L 9/0891G06Q 99/00
98
PatentIndex Score
279
Cited by
16
References
22
Claims

Abstract

A method and system for secure handling of sensitive sets of characters in a distributed hierarchical system are disclosed, comprising at least one local server on a lower hierarchic level and at least one central server at a higher hierarchic level. The method comprises the steps: receiving a sensitive set of characters in said local server; replacing a part of said sensitive set of characters with a token to form a tokenized set of characters, said token belonging to a subset of possible tokens assigned to the local server by the central server; transferring at least one of said sensitive set of characters and said tokenized set of characters to the central server; and canceling said sensitive set of characters from said local server within a limited time from said transferring, while maintaining said tokenized set of characters in a local database connected to said local server.

Claims

exact text as granted — not AI-modified
The invention claimed is: 
     
       1. A method for secure handling of sensitive sets of characters in a distributed hierarchical system comprising at least one local server on a lower hierarchic level and at least one central server at a higher hierarchic level, the method comprising:
 receiving a sensitive set of characters at the local server; 
 replacing a portion of the sensitive set of characters with a token from a token table that maps at least two token values to each possible combination of digits of the portion of the sensitive set of characters to form a tokenized set of characters, wherein the token is chosen randomly from between the at least two token values, and wherein the token belongs to a subset of possible tokens assigned to the local server by the central server; 
 transferring at least one of the sensitive set of characters and the tokenized set of characters to the central server; 
 deleting the sensitive set of characters from the local server within a predetermined amount of time from the transferring; and 
 storing the tokenized set of characters in a local database connected to the local server. 
 
     
     
       2. The method of  claim 1 , wherein the sensitive set of characters is at least one of a number associated with personal information related to an individual and a number associated with financial holdings and transactions. 
     
     
       3. The method of  claim 2 , wherein the sensitive set of characters is at least one of a credit card number, a bank account number, a social security number, a driver license number and a birth certificate number. 
     
     
       4. The method of  claim 1 , wherein the sensitive set of characters comprises at least one subset of characters generated in a random fashion, wherein the portion is contained within the subset of random characters. 
     
     
       5. The method of  claim 4 , wherein the sensitive set of characters comprises at least 16 characters and wherein the portion comprises at least 6 characters. 
     
     
       6. The method of  claim 1 , wherein deleting the sensitive set of characters from the local server is performed at least once every 24 hours. 
     
     
       7. The method of  claim 1 , wherein the subset of possible tokens assigned to the local server by the central server is transferred from the central server to the local server. 
     
     
       8. The method of  claim 7 , wherein the token table is replaced periodically at the local server. 
     
     
       9. The method of  claim 7 , wherein the hierarchical system comprises at least two local servers, and wherein the token table is a general token table assigned to all the local servers. 
     
     
       10. The method of  claim 7 , wherein the hierarchical system comprises at least two local servers, and wherein the token table is a unique local token table assigned to each of the local servers, the local token tables comprising tokens belonging to different subsets of possible tokens. 
     
     
       11. The method of  claim 1 , wherein there are at least two local servers, and each local server is assigned a different subset of possible tokens by the central server. 
     
     
       12. The method of  claim 1 , further comprising generating a hash value for the sensitive set of characters, and storing the hash value in association with the tokenized set of characters in the local database connected to the local server. 
     
     
       13. The method of  claim 1 , wherein transferring the at least one of the sensitive set of characters and the tokenized set of characters to the central server comprises encrypting the at least one of the sensitive set of characters and the tokenized set of characters with an encryption key prior to transferring. 
     
     
       14. The method of  claim 13 , wherein the encryption key is renewed periodically, wherein renewing the encryption key comprises generating a renewed encryption key based on the encryption key and subsequently erasing the encryption key. 
     
     
       15. The method of  claim 1 , further comprising monitoring the frequency of replacing a portion of a sensitive set of characters with a token to form a tokenized set of characters at each local server, and issuing an alarm if a determined threshold level is exceeded. 
     
     
       16. The method of  claim 1 , wherein the subset of possible tokens assigned to the local server by the central server is assigned in the form of at least one range of numerical or alphanumerical token values reserved by the central server for each one of the at least one local server, for dynamic generation of token values by the local server within the range. 
     
     
       17. The method of  claim 1 , wherein the subset of possible tokens assigned to the local server by the central server is assigned in the form of a static token table provided by the central server. 
     
     
       18. The method of  claim 1 , wherein receiving a sensitive set of characters in the local server and replacing a portion of the sensitive set of characters with a token to form a tokenized set of characters are performed locally at the local server. 
     
     
       19. The method of  claim 1 , wherein replacing a portion of the sensitive set of characters with a token to form a tokenized set of characters further comprises performing a check-sum test for the tokenized set of characters, and, responsive to a failed check-sum test, replacing the portion with another token. 
     
     
       20. A method for securely handling sensitive sets of characters in a distributed hierarchical system comprising a primary local server and a secondary local server, wherein the hierarchic level of the primary local server is higher than the hierarchic level of the secondary local server, and comprising:
 receiving a sensitive set of characters at the secondary local server; 
 transferring the sensitive set of characters to the primary local server; 
 deleting the sensitive set of characters from the primary local server within a predetermined amount of time from the transferring; 
 replacing, at the primary local server, a portion of the sensitive set of characters with a token from a token table that maps at least two token values to each possible combination of digits of the portion of the sensitive set of characters to form a tokenized set of characters, wherein the token is chosen randomly from between the at least two token values, and wherein the token belongs to a subset of possible tokens assigned to the primary local server by the central server; 
 transferring, from the primary local server, at least one of the sensitive set of characters and the tokenized set of characters to the central server; 
 deleting the sensitive set of characters from the primary local server within a predetermined amount of time from the transferring; and 
 storing the tokenized set of characters in a local database connected to the primary local server. 
 
     
     
       21. A method for securely handling sensitive sets of characters in a distributed hierarchical system comprising a primary central server and a secondary central server, wherein the hierarchic level of the primary central server is higher than the hierarchic level of the secondary local server, and comprising:
 receiving, at the secondary central server, from a local server, a sensitive set of characters; 
 replacing, at the secondary central server, a portion of the sensitive set of characters with a token from a token table that maps at least two token values to each possible combination of digits of the portion of the sensitive set of characters to form a tokenized set of characters, wherein the token is chosen randomly from between the at least two token values, and wherein the token belongs to a subset of possible tokens assigned to the secondary central server by the primary central server; 
 transferring at least one of the sensitive set of characters and the tokenized set of characters to the primary central server; and 
 storing the sensitive set of characters and the tokenized set of characters in a central database connected to at least one of the primary and secondary central server. 
 
     
     
       22. A system for secure handling and storing of sensitive sets of characters, the system comprising a distributed hierarchical environment with at least one local server on a lower hierarchic level and at least one central server at a higher hierarchic level, the at least one local server comprising:
 a non-transitory computer readable storage medium storing executable program code comprising code for:
 receiving a sensitive set of characters at the local server; 
 replacing a portion of the sensitive set of characters with a token from a token table that maps at least two token values to each possible combination of digits of the portion of the sensitive set of characters to form a tokenized set of characters, wherein the token is chosen randomly from between the at least two token values, and wherein the token belongs to a subset of possible tokens assigned to the local server by the central server; 
 transferring at least one of the sensitive set of characters and the tokenized set of characters to the central server; 
 deleting the sensitive set of characters from the local server within a predetermined amount of time from the transferring; and 
 storing the tokenized set of characters in a local database connected to the local server; and 
 
 a processor for executing the program code.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.